We've seen how easily weak passwords can be hacked, and we've also discussed how you can automatically generate and fill in secure passwords. Here's a great technique to add an extra layer of security to your ASCII-based password.
If you're a Windows geek, you may be familiar with the Alt + numeric pad key combination that creates ASCII characters which are not present on a regular keyboard.
These characters are less frequently included in brute force or dictionary attacks, which can act as first line of defence for your password against cracking. Many keyloggers would also not be able to log most of the characters from the ASCII code chart, which would render them useless.
If someone tried to guess your password and you have any ASCII character in it, they would need to know the exact key combination for that character before they get anywhere. In a way, the ASCII codes act as a password for your password.
Here is how it works:
When you press Alt + 16 in any text field in Windows, it will create a ► character and pressing Alt + 17 on the num pad gives a ◄. Go ahead, open up notepad and try it out or just open the Run dialog and try out any Alt + number combination.
I generally use a single ASCII character at the start and end of the password. So it looks something like ►mypassword◄. Here's the video version:
Music by Gold'n Teasdale
A few password examples (ideally you won't be using dictionary words in the rest of your password):
I♥newyork (Alt + 3) ♠inthehole (Alt + 6) ♫tomyears (Alt + 14)
Although it is not necessary to use these every time, some passwords are more important than others. I usually use these as a part of my master password for password managers like KeePass or as a part of Windows Logon password.
You should be careful while creating a password in KeePass as well as any other software, since it doesn't display all the ASCII characters correctly. So choose the characters that are displayed correctly, so that you can refer to them when you type the passwords without the asterisks.
Advantages of this approach:
- Works on all versions of Windows. Also works on majority of programs where a password is needed
- First line of defence against keyloggers and dictionary attacks
Disadvantages of this approach:
- Does not work on a mobile phone
- In some ways, you may be better off just adding more characters to your password. See myth #10 on this password post.
- ASCII key codes work differently on different operating systems. On Macs, you'd use an Option+key combination that's different from the Windows code.
You can refer to the complete ASCII (Alt + num) characters table for Windows here. Think creative and if you come up with some cool passwords using this technique, let us know (without giving too much away!) in the comments.